BlackCore Trojan & Blue Screen on Vista 32-bit


Post by randomomen » May 18th, 2007, 4:05 pm

Hello. I have a curious problem. For one, I've found the BlackCore Trojan on my PC with Spybot S&D. I can remove it, reboot, then re-run Spybot and it's clear. Then the next day it's back again.

For two, my PC blue screens once a day, and on start-up after it's been turned off for some hours. For example, when I go to sleep at night and turn the PC on the next day. I'm not sure if this is related to BlackCore but I figured I'd mention this.

Today I found the BlackCore again with SpyBot. Before I removed it, I visited here. I downloaded the 30-day trial version of TrojanHunter and ran it. TrojanHunter did not find anything suspicious (no files or no ports open).

Here's my HijackThis log: (Note, I edited the USERS portion because it had my full name in it. The exact portion now reads "XYZ123" instead.)


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:03:12 PM, on 5/18/2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\XYZ1234\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

--
End of file - 4524 bytes
randomomen
Active Member
 
Posts: 8
Joined: May 18th, 2007, 3:29 pm

Post by silver » May 26th, 2007, 12:38 am

Hi randomomen,

I'm sorry it's taken so long for you to get a response.

If your computer actually has been infected by the Blackcore trojan, then you should know that it is a backdoor trojan. It allows remote access to your computer and has the ability to steal passwords and other information from your system. If you use your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:
  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps
This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

If you wish to reformat then please let me know in your next response. I'll now continue with instructions for cleaning.

Open Spybot S&D and press the Recovery button
Please note the name/path (e.g. C:\Windows\trojan.exe) of the trojan file(s) it has detected and post them in your next response.
Please take care not to restore any of the items listed there!

Next, please scan your computer with Dr Web:

Download Dr.WEB CureIt to your desktop from here:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
  • Right-click cureit.exe and choose Run as administrator to start the program. Allow the UAC prompt.
  • Press Start and then OK to start the Express scan
  • The Express scan takes just a few moments to finish, if something is found, click Yes to cure it
  • Once the short scan has finished, Click Options->Change settings
  • Choose the Scan tab and remove the check mark from Heuristic analysis
  • Choose the Actions tab and next to Infected objects select Move, then press OK to close the settings box.
  • Select all hard drives to be scanned by clicking on them - choose all drives - a red dot confirms they will be scanned
  • Click the green arrow on the right to start the scan
  • Click Yes to all if it asks if you want to move a file
  • Click File-> Save report list and save the report to your desktop
  • Close Dr.Web Cureit and reboot your computer (this is important as files may be moved/deleted during reboot)


Please download and install HijackThis version 1.991, the version you have is still a beta (testing) version and at this time is unproven, so we need to use the latest full release:

Download the latest HJTsetup.exe from this link:
http://downloads.malwareremoval.com/HJTsetup.exe

Once it has downloaded, please open Control Panel->Uninstall a program/Programs and Features and remove HijackThis 2.0.0. Then remove the program file by deleting HiJackThis_v2.exe from your desktop.

Double-click on HJTsetup.exe to start installation, OK the security warning and Allow the UAC prompt
By default it will install to C:\Program Files\HijackThis
Continue to click Next in the setup dialog boxes until you are asked which additional icons you would like
Put a check by Create a desktop icon then click Next again.
Press Install and then Finish and it will automatically launch HijackThis.

Once complete, please post the Dr Web log along with a new HijackThis log.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Post by randomomen » May 26th, 2007, 10:39 pm

I went to the Recovery area of SpyBot and nothing was there. I ran SpyBot again and found the BlackCore, removed it, and still found nothing in the recovery area. Weird. Perhaps it's worth saying that I'm finding the Blackcore cookie and it says "FireFox default". Everything else went as planned.

Logfile of HijackThis v1.99.1
Scan saved at 10:30:25 PM, on 5/26/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\AASP\1.00.25\aaCenter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\GameSpot\GDM_TrayApp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Below is the DrWeb log. The XYZ123 is my username that I typed over, same as in my first post. Otherwise everything is exact.

RegUBP2b-XYZ123.reg;C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Applic;Trojan.StartPage.1505;Moved.;
RegUBP2b-XYZ123l.reg;C:\Documents and Settings\Kenneth D. Stonwell\DoctorWeb\Quarantine;Trojan.StartPage.1505;Moved.;
randomomen
Active Member
 
Posts: 8
Joined: May 18th, 2007, 3:29 pm

Post by silver » May 27th, 2007, 12:18 am

Hi randomomen,

I need to see a Spybot log file to know exactly what it is detecting.

It sounds like you are getting regular detections, so please scan with Spybot and once you get a detection of Blackcore, use this procedure and post the results:
  • Open Spybot, press the Check for problems button and wait for the scan to complete
  • Make sure all problems are checked then press Fix selected problems
  • If on the list of problems was the Blackcore detection, right-click the list of problems, select Save full report to file... and save SpybotSD.Results.txt to your Desktop

Once complete, please post the Spybot log and a new HijackThis log.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
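
What the requested report makes visible, as an added example that is not part of the original thread: a Python parser that reads the `--- Search result list ---` section of a saved Spybot report and separates products detected only as cookies from products that have other artifacts. The `Product: description (type, action)` layout is generalised from the Spybot S&D 1.4 report format posted in this thread; the indented location lines, the `File` and `Registry value` type names, and the `ExampleDropper` entries are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of a Spybot S&D 1.4 saved report.
# The cookie lines follow the shape "Product: description (type, action)";
# the ExampleDropper lines, their type names and the indented location
# lines are invented for illustration (assumptions, not real detections).
SAMPLE_REPORT = """\
--- Search result list ---
AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed)

DoubleClick: Tracking cookie (Firefox: default) (Cookie, fixed)

BlackCore: Tracking cookie (Firefox: default) (Cookie, fixed)

ExampleDropper: Program file (File, nothing done)
  C:\\Windows\\example-dropper.exe

ExampleDropper: Autorun settings (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\example

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 SpybotSD.exe (1.4.0.3)
"""

# "--- Title ---" lines delimit report sections.
SECTION_RE = re.compile(r"^--- (?P<title>.+?) ---\s*$")
# The last parenthesised pair on an entry line is (artifact type, action taken).
ENTRY_RE = re.compile(
    r"^(?P<product>[^:]+): (?P<description>.*) "
    r"\((?P<kind>[^(),]+), (?P<action>[^()]+)\)\s*$"
)


@dataclass
class Detection:
    product: str
    description: str
    kind: str      # e.g. "Cookie"
    action: str    # e.g. "fixed"
    locations: list = field(default_factory=list)


def parse_results(report_text):
    """Return the detections listed in the 'Search result list' section only."""
    detections, in_results = [], False
    for raw in report_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            in_results = header.group("title") == "Search result list"
            continue
        if not in_results or not line:
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            detections.append(Detection(**entry.groupdict()))
        elif detections:
            # Any other line is treated as a location for the previous entry.
            detections[-1].locations.append(line)
    return detections


def triage(detections):
    """Group product names by whether every detection for them is a cookie."""
    kinds_by_product = {}
    for d in detections:
        kinds_by_product.setdefault(d.product, set()).add(d.kind.lower())
    return {
        "cookie_only": sorted(p for p, k in kinds_by_product.items() if k == {"cookie"}),
        "needs_review": sorted(p for p, k in kinds_by_product.items() if k != {"cookie"}),
    }


if __name__ == "__main__":
    found = parse_results(SAMPLE_REPORT)
    result = triage(found)
    print("Cookie-only detections:", ", ".join(result["cookie_only"]))
    for d in found:
        if d.product in result["needs_review"]:
            print(f"REVIEW {d.product} [{d.kind}] {'; '.join(d.locations)}")
```

A product that appears under `cookie_only` was matched on browser cookie data alone, which is why the report type matters more than the product name when deciding what to ask for next.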

Post by randomomen » May 27th, 2007, 9:33 am

--- Search result list ---
AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)
Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
DoubleClick: Tracking cookie (Firefox: default) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: default) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: default) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: default) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: default) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: default) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
BlackCore: Tracking cookie (Firefox: default) (Cookie, fixed)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed)

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-05-14 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-04-18 advcheck.dll (1.5.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-05-23 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-05-23 Includes\DialerC.sbi (*)
2007-04-04 Includes\Hijackers.sbi (*)
2007-05-23 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-05-23 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-05-16 Includes\Malware.sbi (*)
2007-05-23 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-05-23 Includes\PUPSC.sbi (*)
2007-05-23 Includes\Revision.sbi (*)
2007-05-24 Includes\Security.sbi (*)
2007-05-23 Includes\SecurityC.sbi (*)
2007-05-23 Includes\Spybots.sbi (*)
2007-05-23 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-05-16 Includes\Trojans.sbi (*)
2007-05-23 Includes\TrojansC.sbi (*)



--- System information ---
Unknown Windows version 6.0 (Build: 6000)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2


--- Startup entries list ---
Located: HK_LM:Run, HP Software Update
command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: b93c4070f24e46b0097648c276b5039e

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 257088
MD5: b0e9efadf04e9e25c0001b48757f3e71

Located: HK_LM:Run, Kernel and Hardware Abstraction Layer
command: KHALMNPR.EXE
file: C:\Windows\KHALMNPR.EXE
size: 101136
MD5: cd746e8c320a2a163589bba7f4fc570a

Located: HK_LM:Run, McAfeeUpdaterUI
command: "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
file: C:\Program Files\McAfee\Common Framework\UdaterUI.exe
size: 136768
MD5: 5dc6da1b20e62bba3eb5716367da580d

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
file: C:\Windows\system32\RUNDLL32.EXE
size: 44544
MD5: 4b555106290bd117334e9a08761c035a

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
file: C:\Windows\system32\RUNDLL32.EXE
size: 44544
MD5: 4b555106290bd117334e9a08761c035a

Located: HK_LM:Run, NvSvc
command: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
file: C:\Windows\system32\RUNDLL32.EXE
size: 44544
MD5: 4b555106290bd117334e9a08761c035a

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: 7fbe43046efdf24fc9375024e4d02ac9

Located: HK_LM:Run, ShStatEXE
command: "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
file: C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
size: 112216
MD5: b02178866c19f73310fd70b789135240

Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file:

Located: HK_CU:Run, ehTray.exe
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 125440
MD5: 2e0953919779a44bf9dfb7b07c58535a

Located: HK_CU:Run, Sidebar
command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
file:

Located: HK_CU:Run, WMPNSCFG
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 201728
MD5: 20ef9002cff89c4c1077e4415ec7297b

Located: Startup (common), HP Digital Imaging Monitor.lnk
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 210520
MD5: 1ba45cdef852381da4a95d056ddb4b48

Located: Startup (user), GameSpot Download Manager.lnk
command: C:\Program Files\GameSpot\GDM_TrayApp.exe
file: C:\Program Files\GameSpot\GDM_TrayApp.exe
size: 237568
MD5: a4be4c079897f4109e52808ae66472f8



--- Browser helper object list ---
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
BHO name: scriptproxy
CLSID name: scriptproxy
Path: C:\Program Files\McAfee\VirusScan Enterprise\
Long name: ScriptCl.dll
Short name:
Date (created): 11/30/2006 8:50:00 AM
Date (last access): 4/4/2007 5:53:02 PM
Date (last write): 11/30/2006 8:50:00 AM
Filesize: 67136
Attributes: archive
MD5: 100ADCB3C368F15B83DA81278101D53B
CRC32: 70466014
Version: 13.3.1.100



--- ActiveX list ---
{6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class)
DPF name:
CLSID name: HpProductDetection Class
Installer: C:\Windows\Downloaded Program Files\setup.inf
Codebase: http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
Path: C:\Program Files\HP\Common\
Long name: HPDeviceDetection.dll
Short name: HPDEVI~1.DLL
Date (created): 2/27/2007 11:52:20 AM
Date (last access): 4/4/2007 5:06:12 PM
Date (last write): 2/27/2007 11:52:20 AM
Filesize: 506424
Attributes: archive
MD5: B5547E636E94A2A3B6BEF42964D72D44
CRC32: 562C504A
Version: 4.0.0.0



--- Process list ---
PID: 368 ( 4) \SystemRoot\System32\smss.exe
PID: 500 ( 488) C:\Windows\system32\csrss.exe
size: 7680
MD5: 117B7C8A8B026A5DCE5E3180ED05E823
PID: 552 ( 488) C:\Windows\system32\wininit.exe
size: 95744
MD5: D4385B03E8CCCEE6F0EE249F827C1F3E
PID: 564 ( 544) C:\Windows\system32\csrss.exe
size: 7680
MD5: 117B7C8A8B026A5DCE5E3180ED05E823
PID: 596 ( 552) C:\Windows\system32\services.exe
size: 279552
MD5: 329CF3C97CE4C19375C8ABCABAE258B0
PID: 608 ( 552) C:\Windows\system32\lsass.exe
size: 7680
MD5: 6A0E382E74280E4CC0DF17FE2661D003
PID: 616 ( 552) C:\Windows\system32\lsm.exe
size: 210944
MD5: 77F52395637906269B91264FFE576B51
PID: 772 ( 596) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 784 ( 544) C:\Windows\system32\winlogon.exe
size: 308224
MD5: 9F75392B9128A91ABAFB044EA350BAAD
PID: 852 ( 596) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 900 ( 596) C:\Windows\System32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 940 ( 596) C:\Windows\System32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 972 ( 596) C:\Windows\System32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 988 ( 596) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 1164 ( 596) C:\Windows\system32\SLsvc.exe
size: 2592256
MD5: 7610645679BB5994210D21A347E0C479
PID: 1204 ( 596) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 1340 ( 596) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 1572 ( 596) C:\Windows\System32\spoolsv.exe
size: 124928
MD5: DA612EF2556776DF2630B68BF2D48935
PID: 1604 ( 596) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 1912 ( 596) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 1928 ( 596) C:\Program Files\GameSpot\DownloadManager_Win32.exe
size: 700416
MD5: DA4883E6212D9E644FD874AFAB7460B6
PID: 1992 ( 596) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 268 ( 596) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
size: 104000
MD5: 1BC1A6B644D4CC1964CD851E92B604F4
PID: 588 ( 596) C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
size: 144960
MD5: 12BEF73E0281AC793865BE1A331C67FC
PID: 836 ( 596) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
size: 54872
MD5: DD61B815E2CBA6CCA6B7ED607F466652
PID: 980 ( 772) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
size: 136768
MD5: EFB1E30EA77C70704F1417E20CC4BF53
PID: 1616 ( 596) C:\Windows\System32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 1468 ( 596) C:\Windows\System32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 2100 ( 596) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 2120 ( 596) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 2156 ( 596) C:\Windows\System32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 2184 ( 596) C:\Windows\system32\SearchIndexer.exe
size: 287744
MD5: 5DE40982E3AE45DC00586A93637B351B
PID: 2896 ( 988) C:\Windows\system32\taskeng.exe
size: 166400
MD5: 1226E9FAE5B8508801EC974E3C9D9C14
PID: 3336 ( 988) C:\Windows\system32\taskeng.exe
size: 166400
MD5: 1226E9FAE5B8508801EC974E3C9D9C14
PID: 3440 ( 972) C:\Windows\system32\Dwm.exe
size: 83456
MD5: E87B968F3D49117445893EB0503FE34F
PID: 3412 ( 988) C:\Windows\system32\taskeng.exe
size: 166400
MD5: 1226E9FAE5B8508801EC974E3C9D9C14
PID: 3676 (2816) C:\Windows\Explorer.EXE
size: 2923520
MD5: FD8C53FB002217F6F888BCF6F5D7084D
PID: 1796 (3336) C:\Program Files\ASUS\AASP\1.00.25\aaCenter.exe
size: 597504
MD5: CA63E3637BB5F8504A60DB5D4604490E
PID: 1812 (3676) C:\Program Files\Windows Defender\MSASCui.exe
size: 1006264
MD5: 9AD9E2FB2811123DA13DE84CC154AB77
PID: 1780 (3676) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
size: 49152
MD5: B93C4070F24E46B0097648C276B5039E
PID: 2480 (3676) C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
size: 112216
MD5: B02178866C19F73310FD70B789135240
PID: 3996 (3676) C:\Program Files\McAfee\Common Framework\UdaterUI.exe
size: 136768
MD5: 5DC6DA1B20E62BBA3EB5716367DA580D
PID: 2420 (3676) C:\Windows\System32\rundll32.exe
size: 44544
MD5: 4B555106290BD117334E9A08761C035A
PID: 2292 (3676) C:\Program Files\iTunes\iTunesHelper.exe
size: 257088
MD5: B0E9EFADF04E9E25C0001B48757F3E71
PID: 4036 (4032) C:\Windows\System32\rundll32.exe
size: 44544
MD5: 4B555106290BD117334E9A08761C035A
PID: 3960 (3676) C:\Program Files\Windows Sidebar\sidebar.exe
size: 1196032
MD5: 43632977504B323F8A41BF7A9965C453
PID: 3876 (3676) C:\Windows\ehome\ehtray.exe
size: 125440
MD5: 2E0953919779A44BF9DFB7B07C58535A
PID: 2524 (3996) C:\Program Files\McAfee\Common Framework\McTray.exe
size: 86016
MD5: F01DE4E2D6DF141628BAB697B7B43057
PID: 2884 (3676) C:\Program Files\Windows Media Player\wmpnscfg.exe
size: 201728
MD5: 20EF9002CFF89C4C1077E4415EC7297B
PID: 3912 (3676) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 210520
MD5: 1BA45CDEF852381DA4A95D056DDB4B48
PID: 3060 (3676) C:\Program Files\GameSpot\GDM_TrayApp.exe
size: 237568
MD5: A4BE4C079897F4109E52808AE66472F8
PID: 2808 ( 772) C:\Windows\ehome\ehmsas.exe
size: 37376
MD5: 693E4C15CEE5D6487D7913A2701B5E40
PID: 2944 ( 772) C:\Windows\system32\wbem\wmiprvse.exe
size: 245248
MD5: CD8A7F4847DD181903E6B2F1924E723E
PID: 2560 ( 596) C:\Program Files\Windows Media Player\wmpnetwk.exe
size: 895488
MD5: ACB2E63D50157E3EA7140F29D9E76A48
PID: 876 ( 596) C:\Program Files\iPod\bin\iPodService.exe
size: 500800
MD5: 661194608009B558DE1925C7EBE1A4BA
PID: 3828 ( 772) C:\Windows\system32\wbem\unsecapp.exe
size: 37376
MD5: E19C7BCE081B85F86F03AE9D82FFA77B
PID: 3988 (3912) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
size: 271960
MD5: 85E7BB8A103644085C5C665481022E56
PID: 4024 (4060) C:\Program Files\Internet Explorer\ieuser.exe
size: 288256
MD5: A4E1954DF053935983C988EDFF2EF1FF
PID: 424 (3676) C:\Windows\system32\NOTEPAD.EXE
size: 151040
MD5: FF7F14FDA901090E337488A1900E3660
PID: 1420 (3676) C:\Program Files\Trillian\trillian.exe
size: 1646592
MD5: F7BDD6285272B0F2AA7B401ED27F3068
PID: 4052 (3676) C:\Program Files\Mozilla Firefox\firefox.exe
size: 7633008
MD5: 7B4EFF333F1B963812F6BEDC06CA2758
PID: 3600 ( 772) C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe
size: 190696
MD5: 308E504CD2F63D49B5E2E019C540FD9A
PID: 3388 (2116) C:\Program Files\Internet Explorer\iexplore.exe
size: 623616
MD5: 8308F01F27DF839E0010B0F72F855E35
PID: 3068 (3676) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 3944 ( 772) C:\Windows\system32\DllHost.exe
size: 7168
MD5: BE01E566D1F569AAB32D0335613E1EEA
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 1076 ( 940) audiodg.exe


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 5/27/2007 9:30:32 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157


--- Winsock Layered Service Provider list ---
Namespace Provider 3: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 4: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 5: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:



--- Uninstall list ---
(AddressBook)

Adobe Flash Player ActiveX 9.0.45.0 (Adobe Flash Player ActiveX)
uninstall cmd: C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com/go/flashplayer_support/

Adobe Flash Player Plugin 9.0.45.0 (Adobe Flash Player Plugin)
uninstall cmd: C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
publisher: Adobe Systems Incorporated

(Connection Manager)

(DirectDrawEx)

(DXM_Runtime)

(Fontcore)

GameSpot Download Manager (GameSpotDownloadManager)
uninstall cmd: "C:\Program Files\GameSpot\uninstall.exe"

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Program Files\Hijackthis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

Hijackthis 1.99.1 (Hijackthis_is1)
install location: C:\Program Files\Hijackthis\
uninstall cmd: "C:\Program Files\Hijackthis\unins000.exe"
publisher: Soeperman Enterprises Ltd
help link: http://www.merijn.org

HP Imaging Device Functions 8.0 8.0 (HP Imaging Device Functions)
uninstall cmd: C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
publisher: HP
help link: http://www.hp.com/support

HP Solution Center 8.0 8.0 (HP Solution Center & Imaging Support Tools)
uninstall cmd: C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
publisher: HP
help link: http://www.hp.com/support

HP Customer Participation Program 8.0 8.0 (HPExtendedCapabilities)
uninstall cmd: C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
publisher: HP
help link: http://www.hp.com/support

HP OCR Software 8.0 8.0 (HPOCR)
uninstall cmd: C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
publisher: HP
help link: http://www.hp.com/support

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(KB885884)

LimeWire 4.12.11 4.12.11 (LimeWire)
uninstall cmd: "C:\Program Files\LimeWire\uninstall.exe"
publisher: Lime Wire, LLC
help link: http://www.limewire.com/support

(MobileOptionPack)

Mozilla Firefox (2.0.0.3) 2.0.0.3 (en-US) (Mozilla Firefox (2.0.0.3))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox

(MPlayer2)

NVIDIA Drivers (NVIDIA Drivers)
uninstall cmd: C:\Windows\system32\NVUNINST.EXE UninstallGUI

(SchedulingAgent)

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

Trillian (Trillian)
uninstall cmd: C:\Program Files\Trillian\trillian.exe /uninstall

TrojanHunter 4.6 4.6 (TrojanHunter_is1)
install date: 20070518
install location: C:\Program Files\TrojanHunter 4.6\
uninstall cmd: "C:\Program Files\TrojanHunter 4.6\unins000.exe"
publisher: Mischel Internet Security
help link: http://www.misec.net

Yahoo! Messenger (Yahoo! Messenger)
uninstall cmd: C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

QuickTime 7.1.6.200 ({08094E03-AFE4-4853-9D31-6D0743DF5328})
version: 117506054
version (major): 7
version (minor): 1
estimated size: 72261
install date: 20070517
install location: C:\Program Files\QuickTime\
install source: C:\Users\KENNET~1.STO\AppData\Local\Temp\IXP007.TMP\
uninstall cmd: MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

AIO_Scan 82.0.173.000 ({0D2E9DCB-9938-475E-B4DD-8851738852FF})
version: 1375731885
version (major): 82
estimated size: 977
install date: 20070404
install source: C:\Users\XYZ123\AppData\Local\Temp\7zS978D.tmp\setup\AiO_Scan\
publisher: Hewlett-Packard

Scan 8.1.0.0 ({1746EA69-DCB6-4408-B5A5-E75F55439CDF})
version: 134283264
version (major): 8
version (minor): 1
estimated size: 11923
install date: 20070404
install source: C:\Users\XYZ123\AppData\Local\Temp\7zS978D.tmp\setup\Scan\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0

WebReg 82.0.173.000 ({179C56A4-F57F-4561-8BBF-F911D26EB435})
version: 1375731885
version (major): 82
estimated size: 905
install date: 20070404
install source: C:\Users\XYZ123\AppData\Local\Temp\7zS978D.tmp\setup\WebReg\
publisher: Hewlett-Packard

Sid Meier's Civilization 4 1.61 ({186A63A2-4256-43C6-8061-95EF77A5CDB6})
version: 20774912
version (major): 1
version (minor): 61
estimated size: 1853
install date: 20070519
install location: C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\
install source: C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\{186A63A2-4256-43C6-8061-95EF77A5CDB6}\
publisher: Firaxis Games
contact: Customer Support Department
help link: ##IDS_PRODUCT_URL##

c3100_Help 82.0.233.000 ({1AE3E621-E0C0-4aa1-B10B-B3E353A8D110})
version: 1375731945
version (major): 82
estimated size: 5089
install date: 20070404
install source: C:\Users\XYZ123\AppData\Local\Temp\7zS978D.tmp\Setup\producthelp\
publisher: Hewlett-Packard

HP Photosmart.All-In-One Driver Software 8.0 .A 8.0 ({282E5AB2-8E47-4571-B6FA-6B512555B557})
uninstall cmd: C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
publisher: HP
help link: http://www.hp.com/support

J2SE Runtime Environment 5.0 Update 3 1.5.0.30 ({3248F0A8-6813-11D6-A77B-00B0D0150030})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 146909
install date: 20070414
install source: http://java.sun.com/webapps/download/Ge ... dows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_03\README.txt

iTunes 7.1.1.5 ({3592F5CB-B524-43AA-92F2-2377268199CC})
version: 117506049
version (major): 7
version (minor): 1
estimated size: 51666
install date: 20070517
install location: C:\Program Files\iTunes\
install source: C:\Users\KENNET~1.STO\AppData\Local\Temp\IXP007.TMP\
uninstall cmd: MsiExec.exe /I{3592F5CB-B524-43AA-92F2-2377268199CC}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

McAfee VirusScan Enterprise 8.6.0 ({35C03C04-3F1F-42C2-A989-A757EE691F65})
version: 134610944
version (major): 8
version (minor): 6
estimated size: 37771
install date: 20070404
install location: C:\Program Files\McAfee\VirusScan Enterprise\
install source: C:\Users\KENNET~1.STO\AppData\Local\Temp\
uninstall cmd: MsiExec.exe /X{35C03C04-3F1F-42C2-A989-A757EE691F65}
publisher: McAfee, Inc.
help link: https://mysupport.mcafee.com
help telephone: +1 (408) 988-3832

MSXML 4.0 SP2 (KB927978) 4.20.9841.0 ({37477865-A3F1-4772-AD43-AAFC6BCFF99F})
version: 68429425
version (major): 4
version (minor): 20
estimated size: 1269
install date: 20070404
install source: C:\acd8d142a2092bd4452cee77fb\
uninstall cmd: MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/927978

AIO_CDA_ProductContext 82.0.233.000 ({44F5A980-8A6B-4aca-8D85-EFCE5D67D379})
version: 1375731945
version (major): 82
estimated size: 97
install date: 20070404
install source: C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\
publisher: Hewlett-Packard

DocProc 8.1.0.0 ({49F2B650-2D7B-4F59-B33D-346F63776BD3})
version: 134283264
version (major): 8
version (minor): 1
estimated size: 79899
install date: 20070404
install source: C:\Users\XYZ123\AppData\Local\Temp\7zS978D.tmp\setup\DocProc\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0

eSupportQFolder 1.00.0000 ({66E6CE0C-5A1E-430C-B40A-0C90FF1804A8})
version: 16777216
version (major): 1
estimated size: 124
install date: 20070404
install source: C:\Users\XYZ123\AppData\Local\Temp\7zS978D.tmp\setup\QFolder\
publisher: Hewlett-Packard

HPProductAssistant 82.0.173.000 ({67D3F1A0-A1F2-49b7-B9EE-011277B170CD})
version: 1375731885
version (major): 82
estimated size: 4907
install date: 20070404
install source: C:\Users\XYZ123\AppData\Local\Temp\7zS978D.tmp\setup\hpproductassistant\
publisher: Hewlett-Packard

CustomerResearchQFolder 1.00.0000 ({6F5E2F4A-377D-4700-B0E3-8F7F7507EA15})
version: 16777216
version (major): 1
estimated size: 124
install date: 20070404
install source: C:\Users\XYZ123\AppData\Local\Temp\7zS978D.tmp\setup\QFolder\
publisher: Hewlett-Packard

Dawn of War - Dark Crusade Demo 1.0 ({73B5C5C0-FEF4-4DC1-89F3-C45DC11957DF})
version: 16777216
version (major): 1
estimated size: 403968
install date: 20070426
install location: C:\Program Files\THQ\Dawn of War - Dark Crusade Demo\
install source: C:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /X{73B5C5C0-FEF4-4DC1-89F3-C45DC11957DF}
publisher: THQ

Ad-Aware SE Personal 1.0.6 ({78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747})
version: 16777222
version (major): 1
estimated size: 3557
install date: 20070515
install source: C:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
publisher: Lavasoft AB
help link: http://www.lavasoftsupport.com

Fax 82.0.188.000 ({7A7DC702-DEDE-42A8-8722-B3BA724D546F})
version: 1375731900
version (major): 82
estimated size: 6545
install date: 20070404
install source: C:\Users\XYZ123\AppData\Local\Temp\7zS978D.tmp\setup\fax\
publisher: Hewlett-Packard

DocProcQFolder 1.00.0000 ({87E2B986-07E8-477a-93DC-AF0B6758B192})
version: 16777216
version (major): 1
estimated size: 120
install date: 20070404
install source: C:\Users\XYZ123\AppData\Local\Temp\7zS978D.tmp\setup\QFolder\
publisher: Hewlett-Packard

3.0.7.009 ({8ADC27DB-E2C8-446C-A576-166C05C2DD24})
version: 50331655
version (major): 3
estimated size: 192
install date: 20070404
install source: C:\Users\XYZ123\AppData\Local\Temp\7zS978D.tmp\setup\HPUpdate\
publisher: Hewlett-Packard

URGE 1.1.9060.0 ({8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF})
version: 16851812
version (major): 1
version (minor): 1
estimated size: 6031
install date: 20070414
install location: C:\Program Files\MTV Networks\URGE\
install source: C:\Windows\Downloaded Installations\{FE6F1783-A2E5-4CFA-8255-BA2C5299B0BB}\
uninstall cmd: MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
publisher: MTV Networks

HP Update 4.000.005.007 ({8C6027FD-53DC-446D-BB75-CACD7028A134})
version: 67108869
version (major): 4
estimated size: 3654
install date: 20070405
install source: C:\Users\KENNET~1.STO\AppData\Local\Temp\pft53DB.tmp\
uninstall cmd: MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
publisher: Hewlett-Packard
contact: http://www.hp.com/support

Microsoft Office XP Professional with FrontPage 10.0.6626.0 ({90280409-6000-11D3-8CFE-0050048383C9})
version: 167778786
version (major): 10
estimated size: 382456
install date: 20070509
install source: D:\
uninstall cmd: MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office10\1033\OFREAD10.HTM

MarketResearch 82.0.174.000 ({95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9})
version: 1375731886
version (major): 82
estimated size: 1869
install date: 20070404
install source: C:\Users\XYZ123\AppData\Local\Temp\7zS978D.tmp\setup\MarketResearch\
publisher: Hewlett-Packard

Status 82.0.173.000 ({978C25EE-5777-46e4-8988-732C297CBDBD})
version: 1375731885
version (major): 82
estimated size: 3393
install date: 20070404
install source: C:\Users\XYZ123\AppData\Local\Temp\7zS978D.tmp\setup\Status\
publisher: Hewlett-Packard

Destinations 82.0.173.000 ({9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF})
version: 1375731885
version (major): 82
estimated size: 19085
install date: 20070404
install source: C:\Users\XYZ123\AppData\Local\Temp\7zS978D.tmp\setup\Destinations\
publisher: Hewlett-Packard

Apple Software Update 1.1.0.3 ({A260B422-70E1-41E2-957D-F76FA21266D5})
version: 16842752
version (major): 1
version (minor): 1
estimated size: 2472
install date: 20070517
install location: C:\Program Files\Apple Software Update\
install source: C:\Users\KENNET~1.STO\AppData\Local\Temp\IXP007.TMP\
uninstall cmd: MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

SolutionCenter 82.0.188.000 ({A36CD345-625C-4d6c-B3E2-76E1248CB451})
version: 1375731900
version (major): 82
estimated size: 5622
install date: 20070404
install source: C:\Users\XYZ123\AppData\Local\Temp\7zS978D.tmp\setup\SolutionCenter\
publisher: Hewlett-Packard

Copy 82.0.188.000 ({A3B7C670-4A1E-4EE2-950E-C875BC1965D0})
version: 1375731900
version (major): 82
estimated size: 2677
install date: 20070404
install source: C:\Users\XYZ123\AppData\Local\Temp\7zS978D.tmp\setup\Copy\
publisher: Hewlett-Packard

Microsoft Visual C++ 2005 Redistributable 8.0.50727.42 ({A49F249F-0C91-497F-86DF-B2585E8E76B7})
version: 134268455
version (major): 8
estimated size: 558
install date: 20070404
install source: C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\Redist\
uninstall cmd: MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
publisher: Microsoft Corporation

DeviceManagementQFolder 1.00.0000 ({AB5D51AE-EBC3-438D-872C-705C7C2084B0})
version: 16777216
version (major): 1
estimated size: 124
install date: 20070404
install source: C:\Users\XYZ123\AppData\Local\Temp\7zS978D.tmp\setup\QFolder\
publisher: Hewlett-Packard

C3100 82.0.233.000 ({AB61E316-F10B-43eb-B47F-42095835F9CC})
version: 1375731945
version (major): 82
estimated size: 3
install date: 20070404
install source: C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\Product\
publisher: Hewlett-Packard

Adobe Reader 8 8.0.0 ({AC76BA86-7AD7-1033-7B44-A80000000002})
version: 134217728
version (major): 8
estimated size: 118052
install date: 20070405
install location: C:\Program Files\Adobe\Reader 8.0\Reader\
install source: C:\Users\XYZ123\AppData\LocalLow\Netopsystems\temp\Adobe Reader 8.0\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
publisher: Adobe Systems Incorporated
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
readme: C:\Program Files\Adobe\Reader 8.0\Reader\Readme.htm

AIO_CDA_Software 82.0.233.000 ({AF1C9345-B53D-4110-BFBF-A0DD83AEAB83})
version: 1375731945
version (major): 82
estimated size: 4067
install date: 20070404
install source: C:\Users\XYZ123\AppData\Local\Temp\7zS978D.tmp\setup\software\
publisher: Hewlett-Packard

Company of Heroes 1.0.0.78 ({BA801B94-C28D-46EE-B806-E1E021A3D519})
version: 16777216
version (major): 1
estimated size: 4125976
install date: 20070407
install location: C:\Program Files\THQ\Company of Heroes\
install source: D:\
uninstall cmd: MsiExec.exe /X{BA801B94-C28D-46EE-B806-E1E021A3D519}
publisher: THQ Inc.
readme: C:\Program Files\THQ\Company of Heroes\Readme.txt

BufferChm 82.0.173.000 ({BE77A81F-B315-4666-9BF3-AE70C0ADB057})
version: 1375731885
version (major): 82
estimated size: 2430
install date: 20070404
install source: C:\Users\XYZ123\AppData\Local\Temp\7zS978D.tmp\setup\BufferChm\
publisher: Hewlett-Packard

Toolbox 82.0.173.000 ({C716522C-3731-4667-8579-40B098294500})
version: 1375731885
version (major): 82
estimated size: 6005
install date: 20070404
install source: C:\Users\XYZ123\AppData\Local\Temp\7zS978D.tmp\setup\Toolbox\
publisher: Hewlett-Packard

HP Product Detection 4.00.0000 ({CAE7D1D9-3794-4169-B4DD-964ADBC534EE})
version: 67108864
version (major): 4
estimated size: 478
install date: 20070404
install location: C:\Program Files\HP\Common\
install source: C:\Windows\Downloaded Installations\{3ED77CC5-54D9-4067-BC5C-BEA2239FC183}\
uninstall cmd: MsiExec.exe /I{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
publisher: Hewlett-Packard Company

Sid Meier's Civilization 4 1.61 ({CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8})
version: 20774912
install date: 20070519
install location: C:\Program Files\Firaxis Games\Sid Meier's Civilization 4
install source: D:\
uninstall cmd: C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe -runfromtemp -l0x0009 -removeonly
publisher: Firaxis Games
help link: http://www.2kgames.com/civ4/support.htm
readme: C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Readme.htm

UnloadSupport 1.00.0000 ({E06F04B9-45E6-4AC0-8083-85F7515F40F7})
version: 16777216
version (major): 1
estimated size: 4138
install date: 20070404
install source: C:\Users\XYZ123\AppData\Local\Temp\7zS978D.tmp\setup\UnloadSupport\
publisher: Hewlett-Packard

HP Photosmart Essential 1.12.0.46 ({EB21A812-671B-4D08-B974-2A347F0D8F70})
version: 17563648
version (major): 1
version (minor): 12
estimated size: 11770
install date: 20070404
install location: C:\Program Files\HP\Photosmart Essential\
install source: C:\Users\XYZ123\AppData\Local\Temp\7zS978D.tmp\setup\ImageZoneExpress\
uninstall cmd: MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
publisher: HP
help link: http://www.hp.com

32 Bit HP CIO Components Installer 1.0.0 ({F1E63043-54FC-429B-AB2C-31AF9FBA4BC7})
version: 16777216
version (major): 1
estimated size: 212
install date: 20070404
install source: C:\Users\XYZ123\AppData\Local\Temp\7zS978D.tmp\drivers\dot4\wrapper\
uninstall cmd: MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
publisher: Hewlett-Packard

TrayApp 82.0.188.000 ({FF075778-6E50-47ed-991D-3B07FD4E3250})
version: 1375731900
version (major): 82
estimated size: 410
install date: 20070404
install source: C:\Users\XYZ123\AppData\Local\Temp\7zS978D.tmp\setup\TrayApp\
publisher: Hewlett-Packard



--- System Services ---
Service (registry key): .NET CLR Data
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for Oracle
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for SqlServer
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Start: 0
Type: 0
Error Control: 0

Service (registry key): ACPI
Display name: Microsoft ACPI Driver
Image path: system32\drivers\acpi.sys
Image size: 255592
Image MD5: 192BDBD1540645C4A2AA69F24CCE197F
Start: 0
Type: 1
Error Control: 3

Service (registry key): adp94xx
Image path: \SystemRoot\system32\drivers\adp94xx.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpahci
Image path: \SystemRoot\system32\drivers\adpahci.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu160m
Image path: \SystemRoot\system32\drivers\adpu160m.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu320
Image path: \SystemRoot\system32\drivers\adpu320.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): adsi
Start: 0
Type: 0
Error Control: 0

Service (registry key): AeLookupSvc
Display name: @%SystemRoot%\system32\aelupsvc.dll,-1
Description: @%SystemRoot%\system32\aelupsvc.dll,-2
Object name: localSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1

Service (registry key): AFD
Display name: Ancilliary Function Driver for Winsock
Description: Ancilliary Function Driver for Winsock
Image path: \SystemRoot\system32\drivers\afd.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): agp440
Display name: Intel AGP Bus Filter
Image path: \SystemRoot\system32\drivers\agp440.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): aic78xx
Image path: \SystemRoot\system32\drivers\djsvs.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): ALG
Display name: @%SystemRoot%\system32\Alg.exe,-112
Description: @%SystemRoot%\system32\Alg.exe,-113
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 58880
Image MD5: E69FB0E3112C40FDC0EF7D21A52DC951
Start: 3
Type: 16
Error Control: 1

Service (registry key): aliide
Image path: \SystemRoot\system32\drivers\aliide.sys
Start: 4
Type: 1
Error Control: 3

Service (registry key): amdagp
Display name: AMD AGP Bus Filter Driver
Image path: \SystemRoot\system32\drivers\amdagp.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): amdide
Image path: \SystemRoot\system32\drivers\amdide.sys
Start: 4
Type: 1
Error Control: 3

Service (registry key): AmdK7
Display name: AMD K7 Processor Driver
Image path: \SystemRoot\system32\drivers\amdk7.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): AmdK8
Display name: AMD K8 Processor Driver
Image path: \SystemRoot\system32\drivers\amdk8.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): Appinfo
Display name: @%systemroot%\system32\appinfo.dll,-100
Description: @%systemroot%\system32\appinfo.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,ProfSvc

Service (registry key): arc
Image path: \SystemRoot\system32\drivers\arc.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): arcsas
Image path: \SystemRoot\system32\drivers\arcsas.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): AsIO
Display name: AsIO
Image path: system32\drivers\AsIO.sys
Image size: 12664
Image MD5: 663F2FB92608073824EE3106886120F3
Start: 1
Type: 1
Error Control: 1

Service (registry key): AsyncMac
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: system32\DRIVERS\asyncmac.sys
Image size: 17408
Image MD5: E86CF7CE67D5DE898F27EF884DC357D8
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Display name: IDE Channel
Image path: system32\drivers\atapi.sys
Image size: 19048
Image MD5: 4F4FCB8B6EA06784FB6D475B7EC7300F
Start: 0
Type: 1
Error Control: 3

Service (registry key): AudioEndpointBuilder
Display name: @%SystemRoot%\system32\audiosrv.dll,-204
Description: @%SystemRoot%\System32\audiosrv.dll,-205
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay

Service (registry key): Audiosrv
Display name: @%SystemRoot%\system32\audiosrv.dll,-200
Description: @%SystemRoot%\System32\audiosrv.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: AudioEndpointBuilder,RpcSs,MMCSS

Service (registry key): BattC
Start: 0
Type: 0
Error Control: 0

Service (registry key): Beep
Display name: Beep
Start: 1
Type: 1
Error Control: 1

Service (registry key): BFE
Display name: @%SystemRoot%\system32\bfe.dll,-1001
Description: @%SystemRoot%\system32\bfe.dll,-1002
Object name: NT AUTHORITY\LocalService
Image path: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): BITS
Display name: @%SystemRoot%\system32\qmgr.dll,-1000
Description: @%SystemRoot%\system32\qmgr.dll,-1001
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,EventSystem

Service (registry key): blbdrive
Image path: \SystemRoot\system32\drivers\blbdrive.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): bowser
Display name: Bowser
Description: Implements the datagram receiver for the computer browser browser service.
Image path: system32\DRIVERS\bowser.sys
Image size: 69632
Image MD5: 913CD06FBE9105CE6077E90FD4418561
Start: 3
Type: 2
Error Control: 1

Service (registry key): BrFiltLo
Display name: Brother USB Mass-Storage Lower Filter Driver
Image path: \SystemRoot\system32\drivers\brfiltlo.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): BrFiltUp
Display name: Brother USB Mass-Storage Upper Filter Driver
Image path: \SystemRoot\system32\drivers\brfiltup.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): Browser
Display name: @%systemroot%\system32\browser.dll,-100
Description: @%systemroot%\system32\browser.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): Brserid
Display name: Brother MFC Serial Port Interface Driver (WDM)
Image path: \SystemRoot\system32\drivers\brserid.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): BrSerWdm
Display name: Brother WDM Serial driver
Image path: \SystemRoot\system32\drivers\brserwdm.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): BrUsbMdm
Display name: Brother MFC USB Fax Only Modem
Image path: \SystemRoot\system32\drivers\brusbmdm.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): BrUsbSer
Display name: Brother MFC USB Serial WDM Driver
Image path: \SystemRoot\system32\drivers\brusbser.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): BthEnum
Display name: Bluetooth Request Block Driver
Image path: system32\DRIVERS\BthEnum.sys
Image size: 19456
Image MD5: A820438255F37AB8BAA2BD59753A8D81
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTHMODEM
Display name: Bluetooth Serial Communications Driver
Image path: \SystemRoot\system32\drivers\bthmodem.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): BthPan
Display name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Image path: system32\DRIVERS\bthpan.sys
Image size: 92160
Image MD5: B8C3D9DDF85FD197C3E5F849FEF71144
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTHPORT
Display name: Bluetooth Port Driver
Image path: System32\Drivers\BTHport.sys
Image size: 220160
Image MD5: 4A74BBB2B6761789F42A6613479BDB1D
Start: 3
Type: 1
Error Control: 1

Service (registry key): BthServ
Display name: @%SystemRoot%\System32\bthserv.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k bthsvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): BTHUSB
Display name: Bluetooth Radio USB Driver
Image path: System32\Drivers\BTHUSB.sys
Image size: 29184
Image MD5: 1A407F9B707A06F55AA150F9AA072B09
Start: 3
Type: 1
Error Control: 1

Service (registry key): cdfs
Display name: CD/DVD File System Reader
Description: ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces)
Image path: system32\DRIVERS\cdfs.sys
Image size: 70144
Image MD5: 6C3A437FC873C6F6A4FC620B6888CB86
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): cdrom
Display name: CD-ROM Driver
Image path: system32\DRIVERS\cdrom.sys
Image size: 67072
Image MD5: 8D1866E61AF096AE8B582454F5E4D303
Start: 1
Type: 1
Error Control: 1

Service (registry key): CertPropSvc
Display name: @%SystemRoot%\System32\certprop.dll,-11
Description: @%SystemRoot%\System32\certprop.dll,-12
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): circlass
Display name: Consumer IR Devices
Image path: \SystemRoot\system32\drivers\circlass.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): CLFS
Display name: Common Log (CLFS)
Description: Common Log (CLFS)
Image path: System32\CLFS.sys
Image size: 221800
Image MD5: 51B4B82560E49C415AE5B1337D635C3F
Start: 0
Type: 1
Error Control: 3

Service (registry key): clr_optimization_v2.0.50727_32
Display name: Microsoft .NET Framework NGEN v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Image size: 59392
Image MD5: D3BF342F47996E18490970FCFB8126A8
Start: 3
Type: 16
Error Control: 0

Service (registry key): cmdide
Image path: \SystemRoot\system32\drivers\cmdide.sys
Start: 4
Type: 1
Error Control: 3

Service (registry key): Compbatt
Display name: Microsoft Composite Battery Driver
Image path: \SystemRoot\system32\drivers\compbatt.sys
Start: 4
Type: 1
Error Control: 3

Service (registry key): COMSysApp
Display name: @comres.dll,-947
Description: @comres.dll,-948
Object name: LocalSystem
Image path: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 7168
Image MD5: BE01E566D1F569AAB32D0335613E1EEA
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs,EventSystem,SENS

Service (registry key): crcdisk
Display name: Crcdisk Filter Driver
Image path: system32\drivers\crcdisk.sys
Image size: 22632
Image MD5: 2A213AE086BBEC5E937553C7D9A2B22C
Start: 0
Type: 1
Error Control: 1

Service (registry key): Crusoe
Display name: Transmeta Crusoe Processor Driver
Image path: \SystemRoot\system32\drivers\crusoe.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): crypt32
Start: 0
Type: 0
Error Control: 0

Service (registry key): CryptSvc
Display name: @%SystemRoot%\system32\cryptsvc.dll,-1001
Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): DCLocator
Start: 0
Type: 0
Error Control: 0

Service (registry key): DcomLaunch
Display name: @oleres.dll,-5012
Description: @oleres.dll,-5013
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1

Service (registry key): DfsC
Display name: Dfs Client Driver
Description: Dfs Client Driver
Image path: System32\Drivers\dfsc.sys
Image size: 74752
Image MD5: A7179DE59AE269AB70345527894CCD7C
Start: 1
Type: 2
Error Control: 1
Depends On services: Mup

Service (registry key): DFSR
Display name: @dfsrres.dll,-101
Description: @dfsrres.dll,-102
Object name: LocalSystem
Image path: %SystemRoot%\system32\DFSR.exe
Image size: 2089984
Image MD5: E0D584AA76C7D845BA9F3A788260528F
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs,EventSystem

Service (registry key): DFUBTUSB
Display name: WIDCOMM USB Bluetooth Driver in DFU State
Image path: System32\Drivers\frmupgr.sys
Image size: 27536
Image MD5: 31273C758C6DF7FC27B00BE78C7220E9
Start: 3
Type: 1
Error Control: 1

Service (registry key): Dhcp
Display name: @%SystemRoot%\system32\dhcpcsvc.dll,-100
Description: @%SystemRoot%\system32\dhcpcsvc.dll,-101
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: NSI,Tdx,Afd

Service (registry key): disk
Display name: Disk Driver
Image path: system32\drivers\disk.sys
Image size: 52840
Image MD5: 841AF4C4D41D3E3B2F244E976B0F7963
Start: 0
Type: 1
Error Control: 1

Service (registry key): DNADownloader
Display name: DNADownloader
Description: Downloads files quickly and reliably from GameSpot.com
Object name: LocalSystem
Image path: C:\Program Files\GameSpot\DownloadManager_Win32.exe
Image size: 700416
Image MD5: DA4883E6212D9E644FD874AFAB7460B6
Start: 2
Type: 272
Error Control: 1

Service (registry key): Dnscache
Display name: @%SystemRoot%\System32\dnsapi.dll,-101
Description: @%SystemRoot%\System32\dnsapi.dll,-102
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: Tdx

Service (registry key): dot3svc
Display name: @%systemroot%\system32\dot3svc.dll,-1102
Description: @%systemroot%\system32\dot3svc.dll,-1103
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio,Eaphost

Service (registry key): Dot4
Display name: MS IEEE-1284.4 Driver
Image path: system32\DRIVERS\Dot4.sys
Image size: 131584
Image MD5: 57B2D433A08B95E4F1B53A919937F3E5
Start: 3
Type: 1
Error Control: 1

Service (registry key): Dot4Print
Display name: Print Class Driver for IEEE-1284.4
Image path: system32\DRIVERS\Dot4Prt.sys
Image size: 16384
Image MD5: D93FA484BB62FBE7E5EF335C5415D3CF
Start: 3
Type: 1
Error Control: 1

Service (registry key): dot4usb
Display name: MS Dot4USB Filter Dot4USB Filter
Image path: system32\DRIVERS\dot4usb.sys
Image size: 36864
Image MD5: 599742C4260FB3E8EDB3BE148B8CE856
Start: 3
Type: 1
Error Control: 0

Service (registry key): DPS
Display name: @%systemroot%\system32\dps.dll,-500
Description: @%systemroot%\system32\dps.dll,-501
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1

Service (registry key): drmkaud
Display name: Microsoft Kernel DRM Audio Descrambler
Image path: system32\drivers\drmkaud.sys
Image size: 5632
Image MD5: EE472CD2C01F6F8E8AA1FA06FFEF61B6
Start: 3
Type: 1
Error Control: 1

Service (registry key): DXGKrnl
Display name: LDDM Graphics Subsystem
Description: Controls the underlying video driver stacks to provide fully-featured display capabilities.
Image path: \SystemRoot\System32\drivers\dxgkrnl.sys
Start: 3
Type: 1
Error Control: 0

Service (registry key): E1G60
Display name: Intel(R) PRO/1000 NDIS 6 Adapter Driver
Image path: system32\DRIVERS\E1G60I32.sys
Image size: 117760
Image MD5: F88FB26547FD2CE6D0A5AF2985892C48
Start: 3
Type: 1
Error Control: 1

Service (registry key): EapHost
Display name: @%systemroot%\system32\eapsvc.dll,-1
Description: @%systemroot%\system32\eapsvc.dll,-2
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,KeyIso

Service (registry key): Ecache
Display name: ReadyBoost Caching Driver
Description: ReadyBoost Caching Driver
Image path: System32\drivers\ecache.sys
Image size: 132200
Image MD5: 0EFC7531B936EE57FDB4E837664C509F
Start: 0
Type: 1
Error Control: 3

Service (registry key): ehRecvr
Display name: @%SystemRoot%\ehome\ehrecvr.exe,-101
Description: @%SystemRoot%\ehome\ehrecvr.exe,-102
Object name: NT AUTHORITY\networkService
Image path: %systemroot%\ehome\ehRecvr.exe
Image size: 291840
Image MD5: B4580122B0A7B263B6EE9ACBA69C8013
Start: 3
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): ehSched
Display name: @%SystemRoot%\ehome\ehsched.exe,-101
Description: @%SystemRoot%\ehome\ehsched.exe,-102
Object name: NT AUTHORITY\networkService
Image path: %systemroot%\ehome\ehsched.exe
Image size: 131072
Image MD5: AD1870C8E5D6DD340C829E6074BF3C3F
Start: 3
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): ehstart
Display name: @%SystemRoot%\ehome\ehstart.dll,-101
Description: @%SystemRoot%\ehome\ehstart.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %windir%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS

Service (registry key): elxstor
Image path: \SystemRoot\system32\drivers\elxstor.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): EmdCache
Start: 0
Type: 0
Error Control: 0

Service (registry key): EMDMgmt
Display name: @%SystemRoot%\system32\emdmgmt.dll,-1000
Description: @%SystemRoot%\system32\emdmgmt.dll,-1001
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 0
Depends On services: rpcss,ecache,slsvc,fileinfo

Service (registry key): ESENT
Start: 0
Type: 0
Error Control: 0

Service (registry key): Eventlog
Display name: @%SystemRoot%\system32\wevtsvc.dll,-200
Description: @%SystemRoot%\system32\wevtsvc.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1

Service (registry key): EventSystem
Display name: @comres.dll,-2450
Description: @comres.dll,-2451
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): fastfat
Display name: FAT12/16/32 File System Driver
Description: Note - dependance on CDROM.SYS only if required to read/write DVD-RAM media (which appears as CD class device). (Core) (All pieces)
Start: 3
Type: 2
Error Control: 1

Service (registry key): fdc
Display name: Floppy Disk Controller Driver
Image path: system32\DRIVERS\fdc.sys
Image size: 25088
Image MD5: 63BDADA84951B9C03E641800E176898A
Start: 3
Type: 1
Error Control: 1

Service (registry key): fdPHost
Display name: @%systemroot%\system32\fdPHost.dll,-100
Description: @%systemroot%\system32\fdPHost.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,http

Service (registry key): FDResPub
Display name: @%systemroot%\system32\fdrespub.dll,-100
Description: @%systemroot%\system32\fdrespub.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,http

Service (registry key): FileInfo
Display name: File Information FS MiniFilter
Description: Collects information about files in memory to be consumed by other system services.
Image path: system32\drivers\fileinfo.sys
Image size: 56424
Image MD5: 65773D6115C037FFD7EF8280AE85EB9D
Start: 0
Type: 2
Error Control: 1
Depends On services: fltmgr

Service (registry key): Filetrace
Display name: FileTrace
Description: ETW File Trace Filter
Image path: system32\drivers\filetrace.sys
Image size: 27648
Image MD5: C226DD0DE060745F3E042F58DCF78402
Start: 3
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): flpydisk
Display name: Floppy Disk Driver
Image path: system32\DRIVERS\flpydisk.sys
Image size: 20480
Image MD5: 6603957EFF5EC62D25075EA8AC27DE68
Start: 3
Type: 1
Error Control: 1

Service (registry key): FltMgr
Display name: FltMgr
Description: File System Filter Manager Driver
Image path: system32\drivers\fltmgr.sys
Image size: 183912
Image MD5: A6A8DA7AE4D53394AB22AC3AB6D3F5D3
Start: 0
Type: 2
Error Control: 3

Service (registry key): FontCache3.0.0.0
Display name: @%SystemRoot%\system32\PresentationHost.exe,-3309
Description: @%SystemRoot%\system32\PresentationHost.exe,-3310
Object name: NT Authority\LocalService
Image path: %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Image size: 36864
Image MD5: 7EF57375636991F794BF40B522A8E7EF
Start: 3
Type: 16
Error Control: 1

Service (registry key): Fs_Rec
Start: 1
Type: 8
Error Control: 0

Service (registry key): gagp30kx
Display name: Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms
Image path: \SystemRoot\system32\drivers\gagp30kx.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): GEARAspiWDM
Display name: GEARAspiWDM
Image path: System32\Drivers\GEARAspiWDM.sys
Image size: 15664
Image MD5: 4AC51459805264AFFD5F6FDFB9D9235F
Start: 3
Type: 1
Error Control: 1

Service (registry key): gpsvc
Display name: @gpapi.dll,-112
Description: @gpapi.dll,-113
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,Mup

Service (registry key): HdAudAddService
Display name: Microsoft 1.1 UAA Function Driver for High Definition Audio Service
Image path: system32\drivers\HdAudio.sys
Image size: 235520
Image MD5: CB04C744BE0A61B1D648FAED182C3B59
Start: 3
Type: 1
Error Control: 1

Service (registry key): HDAudBus
Display name: Microsoft UAA Bus Driver for High Definition Audio
Image path: system32\DRIVERS\HDAudBus.sys
Image size: 53760
Image MD5: FFB271303BA3C59D9C97B7AF1175DE95
Start: 3
Type: 1
Error Control: 1

Service (registry key): HidBth
Display name: Microsoft Bluetooth HID Miniport
Image path: system32\DRIVERS\hidbth.sys
Image size: 29184
Image MD5: 1338520E78D90154ED6BE8F84DE5FCEB
Start: 3
Type: 1
Error Control: 0

Service (registry key): HidIr
Display name: Microsoft Infrared HID Driver
Image path: \SystemRoot\system32\drivers\hidir.sys
Start: 4
Type: 1
Error Control: 0

Service (registry key): hidserv
Display name: @%SystemRoot%\System32\hidserv.dll,-101
Description: @%SystemRoot%\System32\hidserv.dll,-102
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1

Service (registry key): HidUsb
Display name: Microsoft HID Class Driver
Image path: system32\DRIVERS\hidusb.sys
Image size: 12288
Image MD5: 3C64042B95E583B366BA4E5D2450235E
Start: 3
Type: 1
Error Control: 0

Service (registry key): hkmsvc
Display name: @%SystemRoot%\system32\kmsvc.dll,-6
Descrip
randomomen
Active Member
 
Posts: 8
Joined: May 18th, 2007, 3:29 pm

by randomomen » May 27th, 2007, 9:38 am

Here's another HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 9:36:30 AM, on 5/27/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\AASP\1.00.25\aaCenter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\GameSpot\GDM_TrayApp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

by silver » May 27th, 2007, 10:14 am

Hi randomomen,

It looks like your Spybot log was cut off. Could you please post the remaining part?
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

by randomomen » May 27th, 2007, 11:06 pm

Service (registry key): hkmsvc
Display name: @%SystemRoot%\system32\kmsvc.dll,-6
Description: @%SystemRoot%\system32\kmsvc.dll,-7
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): HpCISSs
Image path: \SystemRoot\system32\drivers\hpcisss.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): hpqcxs08
Display name: hpqcxs08
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k hpdevmgmt
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): hpqddsvc
Display name: HP CUE DeviceDiscovery Service
Description: This service detects and monitors CUE devices on the system.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k hpdevmgmt
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): HPZius12
Display name: USB to IEEE-1284.4 Translation Driver HPZius12
Image path: system32\DRIVERS\HPZius12.sys
Image size: 21568
Image MD5: 7AC43C38CA8FD7ED0B0A4466F753E06E
Start: 3
Type: 1
Error Control: 1

Service (registry key): HTTP
Display name: HTTP
Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
Image path: system32\drivers\HTTP.sys
Image size: 385536
Image MD5: F31D27CCF514549A17E79BEBE01B40B6
Start: 3
Type: 1
Error Control: 1

Service (registry key): i2omp
Image path: \SystemRoot\system32\drivers\i2omp.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): i8042prt
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: system32\DRIVERS\i8042prt.sys
Image size: 54784
Image MD5: 1060F1377F395A242E27719440ECE602
Start: 1
Type: 1
Error Control: 1

Service (registry key): iaStorV
Display name: Intel RAID Controller Vista
Image path: \SystemRoot\system32\drivers\iastorv.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): idsvc
Display name: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193
Description: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8192
Object name: LocalSystem
Image path: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
Image size: 741376
Image MD5: 6D1D3CAB85BA0C63CB83296A8A1825F9
Start: 3
Type: 32
Error Control: 1

Service (registry key): iirsp
Image path: \SystemRoot\system32\drivers\iirsp.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): IKEEXT
Display name: @%SystemRoot%\system32\ikeext.dll,-501
Description: @%SystemRoot%\system32\ikeext.dll,-502
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: BFE

Service (registry key): inetaccs
Start: 0
Type: 0
Error Control: 0

Service (registry key): intelide
Image path: \SystemRoot\system32\drivers\intelide.sys
Start: 4
Type: 1
Error Control: 3

Service (registry key): intelppm
Display name: Intel Processor Driver
Image path: system32\DRIVERS\intelppm.sys
Image size: 39424
Image MD5: CE44CC04262F28216DD4341E9E36A16F
Start: 3
Type: 1
Error Control: 1

Service (registry key): IPBusEnum
Display name: @%systemroot%\system32\IPBusEnum.dll,-102
Description: @%systemroot%\system32\IPBusEnum.dll,-103
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,fdPHost

Service (registry key): IpFilterDriver
Display name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Image path: system32\DRIVERS\ipfltdrv.sys
Image size: 47104
Image MD5: 880C6F86CC3F551B8FEA2C11141268C0
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): iphlpsvc
Display name: @%SystemRoot%\system32\iphlpsvc.dll,-200
Description: @%SystemRoot%\system32\iphlpsvc.dll,-201
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k NetSvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSS,Tdx,winmgmt,tcpip,nsi

Service (registry key): IpInIp
Display name: IP in IP Tunnel Driver
Description: IP in IP Tunnel Driver
Image path: system32\DRIVERS\ipinip.sys
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IPMIDRV
Image path: \SystemRoot\system32\drivers\ipmidrv.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): IPNAT
Display name: IP Network Address Translator
Description: IP Network Address Translator
Image path: system32\DRIVERS\ipnat.sys
Image size: 99840
Image MD5: 10077C35845101548037DF04FD1A420B
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): iPod Service
Display name: iPod Service
Description: iPod hardware management services
Object name: LocalSystem
Image path: "C:\Program Files\iPod\bin\iPodService.exe"
Image size: 500800
Image MD5: 661194608009B558DE1925C7EBE1A4BA
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs

Service (registry key): IRENUM
Display name: IR Bus Enumerator
Description: IR Bus Enumerator
Image path: system32\drivers\irenum.sys
Image size: 13312
Image MD5: A82F328F4792304184642D6D397BB1E3
Start: 3
Type: 1
Error Control: 0

Service (registry key): isapnp
Display name: PnP ISA/EISA Bus Driver
Image path: \SystemRoot\system32\drivers\isapnp.sys
Start: 4
Type: 1
Error Control: 3

Service (registry key): iScsiPrt
Display name: iScsiPort Driver
Image path: system32\DRIVERS\msiscsi.sys
Image size: 168552
Image MD5: 4DCA456D4D5723F8FA9C6760D240B0DF
Start: 3
Type: 1
Error Control: 1

Service (registry key): iteatapi
Display name: ITEATAPI_Service_Install
Image path: \SystemRoot\system32\drivers\iteatapi.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): iteraid
Display name: ITERAID_Service_Install
Image path: \SystemRoot\system32\drivers\iteraid.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): kbdclass
Display name: Keyboard Class Driver
Image path: system32\DRIVERS\kbdclass.sys
Image size: 32872
Image MD5: 1A48765F92BA1A88445FC25C9C9D94FC
Start: 1
Type: 1
Error Control: 1

Service (registry key): kbdhid
Display name: Keyboard HID Driver
Image path: system32\DRIVERS\kbdhid.sys
Image size: 15872
Image MD5: D2600CB17B7408B4A83F231DC9A11AC3
Start: 1
Type: 1
Error Control: 0

Service (registry key): KeyIso
Display name: @keyiso.dll,-100
Description: @keyiso.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 7680
Image MD5: 6A0E382E74280E4CC0DF17FE2661D003
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): KSecDD
Image path: System32\Drivers\ksecdd.sys
Image size: 407144
Image MD5: 11D0BC1F2AFD8ABBB5A3DC47A042DE54
Start: 0
Type: 1
Error Control: 3

Service (registry key): KtmRm
Display name: @comres.dll,-2946
Description: @comres.dll,-2947
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): L8042Kbd
Display name: Logitech SetPoint Keyboard Driver
Image path: System32\Drivers\L8042Kbd.sys
Image size: 20496
Image MD5: 58759156A6918913EDD368F995BE3E53
Start: 3
Type: 1
Error Control: 0

Service (registry key): L8042mou
Display name: Logitech SetPoint PS/2 Mouse Filter Driver
Image path: System32\Drivers\L8042mou.sys
Start: 3
Type: 1
Error Control: 0

Service (registry key): LanmanServer
Display name: @%systemroot%\system32\srvsvc.dll,-100
Description: @%systemroot%\system32\srvsvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: SamSS,Srv

Service (registry key): LanmanWorkstation
Display name: @%systemroot%\system32\wkssvc.dll,-100
Description: @%systemroot%\system32\wkssvc.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: Bowser,MRxSmb10,MRxSmb20,NSI

Service (registry key): ldap
Start: 0
Type: 0
Error Control: 0

Service (registry key): LHidFilt
Display name: Logitech SetPoint KMDF HID Filter Driver
Image path: system32\DRIVERS\LHidFilt.Sys
Image size: 34576
Image MD5: C91206CA84684057118265E8377C77B6
Start: 3
Type: 1
Error Control: 1

Service (registry key): LHidKe
Start: 0
Type: 0
Error Control: 0

Service (registry key): lltdio
Display name: Link-Layer Topology Discovery Mapper I/O Driver
Image path: system32\DRIVERS\lltdio.sys
Image size: 47104
Image MD5: FD015B4F95DAA2B712F0E372A116FBAD
Start: 2
Type: 1
Error Control: 1

Service (registry key): lltdsvc
Display name: @%SystemRoot%\system32\lltdres.dll,-1
Description: @%SystemRoot%\system32\lltdres.dll,-2
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1
Depends On services: rpcss,lltdio

Service (registry key): lmhosts
Display name: @%SystemRoot%\system32\lmhsvc.dll,-101
Description: @%SystemRoot%\system32\lmhsvc.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd

Service (registry key): LMouFilt
Display name: Logitech SetPoint KMDF Mouse Filter Driver
Image path: system32\DRIVERS\LMouFilt.Sys
Image size: 33296
Image MD5: 9F03720FA5E6D14CD4DFEA610F2C1A7C
Start: 3
Type: 1
Error Control: 1

Service (registry key): LMouKE
Display name: Logitech SetPoint Mouse Filter Driver
Image path: System32\Drivers\LMouKE.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): Lsa
Start: 0
Type: 0
Error Control: 0

Service (registry key): LSI_FC
Image path: \SystemRoot\system32\drivers\lsi_fc.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): LSI_SAS
Image path: \SystemRoot\system32\drivers\lsi_sas.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): LSI_SCSI
Image path: \SystemRoot\system32\drivers\lsi_scsi.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): luafv
Display name: UAC File Virtualization
Description: Virtualizes file write failures to per-user locations.
Image path: \SystemRoot\system32\drivers\luafv.sys
Start: 2
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): McAfeeFramework
Display name: McAfee Framework Service
Description: Shared component framework for McAfee products
Object name: LocalSystem
Image path: "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart
Image size: 104000
Image MD5: 1BC1A6B644D4CC1964CD851E92B604F4
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): McShield
Display name: McAfee McShield
Description: Provides McAfee On-Access scanning protection of your computer system.
Object name: LocalSystem
Image path: "C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe"
Image size: 144960
Image MD5: 12BEF73E0281AC793865BE1A331C67FC
Start: 2
Type: 16
Error Control: 1

Service (registry key): McTaskManager
Display name: McAfee Task Manager
Description: Allows scheduling of McAfee scanning and updating activities.
Object name: LocalSystem
Image path: "C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe"
Image size: 54872
Image MD5: DD61B815E2CBA6CCA6B7ED607F466652
Start: 2
Type: 16
Error Control: 1

Service (registry key): Mcx2Svc
Display name: @%SystemRoot%\ehome\ehres.dll,-15501
Description: @%SystemRoot%\ehome\ehres.dll,-15502
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: SSDPSRV,IPBusEnum,TermService,fdphost

Service (registry key): megasas
Image path: \SystemRoot\system32\drivers\megasas.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): mfeapfk
Display name: McAfee Inc.
Image path: system32\drivers\mfeapfk.sys
Image size: 64360
Image MD5: 1F334EB2A13816DF45671EBB98896DA7
Start: 3
Type: 1
Error Control: 1

Service (registry key): mfeavfk
Display name: McAfee Inc.
Image path: system32\drivers\mfeavfk.sys
Image size: 72264
Image MD5: 8A1DEDBBDAD33587F6FAD780CE4B34B5
Start: 3
Type: 1
Error Control: 1

Service (registry key): mfehidk
Display name: McAfee Inc.
Image path: system32\drivers\mfehidk.sys
Image size: 168776
Image MD5: 0AE14FAB8E25C258C6EBF3827C649273
Start: 3
Type: 1
Error Control: 1

Service (registry key): mferkdk
Display name: VSCore mferkdk
Image path: \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
Image size: 31944
Image MD5: E72AFC5056F6804C616E7DC32A38945F
Start: 1
Type: 1
Error Control: 0

Service (registry key): mfetdik
Display name: McAfee Inc.
Image path: system32\drivers\mfetdik.sys
Image size: 52136
Image MD5: A47F0F63E92730DE15D41624AB998C5C
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): MMCSS
Display name: @%systemroot%\system32\mmcss.dll,-100
Description: @%systemroot%\system32\mmcss.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1

Service (registry key): Modem
Image path: system32\drivers\modem.sys
Image size: 31744
Image MD5: 21755967298A46FB6ADFEC9DB6012211
Start: 3
Type: 1
Error Control: 0

Service (registry key): monitor
Display name: Microsoft Monitor Class Function Driver Service
Image path: system32\DRIVERS\monitor.sys
Image size: 41984
Image MD5: EC839BA91E45CCE6EADAFC418FFF8206
Start: 3
Type: 1
Error Control: 1

Service (registry key): mouclass
Display name: Mouse Class Driver
Image path: system32\DRIVERS\mouclass.sys
Image size: 31848
Image MD5: 3C9469DFB3440555DAB070716D768B1E
Start: 1
Type: 1
Error Control: 1

Service (registry key): mouhid
Display name: Mouse HID Driver
Image path: system32\DRIVERS\mouhid.sys
Image size: 15872
Image MD5: A3A6DFF7E9E757DB3DF51A833BC28885
Start: 3
Type: 1
Error Control: 0

Service (registry key): MountMgr
Display name: Mount Point Manager
Image path: System32\drivers\mountmgr.sys
Image size: 54888
Image MD5: 01F1E5A3E4877C931CBB31613FEC16A6
Start: 0
Type: 1
Error Control: 3

Service (registry key): mpio
Display name: Microsoft Multi-Path Bus Driver
Image path: \SystemRoot\system32\drivers\mpio.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): mpsdrv
Display name: @%SystemRoot%\system32\FirewallAPI.dll,-23092
Description: @%SystemRoot%\system32\FirewallAPI.dll,-23093
Image path: System32\drivers\mpsdrv.sys
Image size: 63488
Image MD5: 8D326E8B321685D4784AFA1C55169D73
Start: 3
Type: 1
Error Control: 1

Service (registry key): MpsSvc
Display name: @%SystemRoot%\system32\FirewallAPI.dll,-23090
Description: @%SystemRoot%\system32\FirewallAPI.dll,-23091
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: mpsdrv,bfe

Service (registry key): Mraid35x
Image path: \SystemRoot\system32\drivers\mraid35x.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): MRxDAV
Display name: WebDav Client Redirector Driver
Description: WebDav Client Redirector Driver
Image path: \SystemRoot\system32\drivers\mrxdav.sys
Start: 3
Type: 2
Error Control: 1
Depends On services: rdbss

Service (registry key): mrxsmb
Display name: SMB MiniRedirector Wrapper and Engine
Description: Implements the framework for the SMB filesystem redirector
Image path: system32\DRIVERS\mrxsmb.sys
Image size: 101888
Image MD5: FCA7563D87F71C6DB0182CA67CC19AA7
Start: 3
Type: 2
Error Control: 1
Depends On services: rdbss

Service (registry key): mrxsmb10
Display name: SMB 1.x MiniRedirector
Description: Implements the SMB 1.x (CIFS) protocol. This protocol provides connectivity to network resources on pre-Windows Vista servers
Image path: system32\DRIVERS\mrxsmb10.sys
Image size: 211456
Image MD5: 58A9AB5754FA4CABEDE7401283B5A771
Start: 3
Type: 2
Error Control: 1
Depends On services: mrxsmb

Service (registry key): mrxsmb20
Display name: SMB 2.0 MiniRedirector
Description: Implements the SMB 2.0 protocol, which provides connectivity to network resources on Windows Vista and later servers
Image path: system32\DRIVERS\mrxsmb20.sys
Image size: 57856
Image MD5: 79B09504E4A790104683722CD04F76B4
Start: 3
Type: 2
Error Control: 1
Depends On services: mrxsmb

Service (registry key): msahci
Image path: system32\DRIVERS\msahci.sys
Image size: 23144
Image MD5: 742AED7939E734C36B7E8D6228CE26B7
Start: 0
Type: 1
Error Control: 3

Service (registry key): msdsm
Display name: Microsoft Multi-Path Device Specific Module
Image path: \SystemRoot\system32\drivers\msdsm.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): MSDTC
Display name: @comres.dll,-2797
Description: @comres.dll,-2798
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\msdtc.exe
Image size: 106496
Image MD5: BC64A92D821EFEA8BAB8E8CAF1B668BC
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): MSDTC Bridge 3.0.0.0
Start: 0
Type: 0
Error Control: 0

Service (registry key): Msfs
Start: 1
Type: 2
Error Control: 1

Service (registry key): msisadrv
Display name: ISA/EISA Class Driver
Image path: system32\drivers\msisadrv.sys
Image size: 13928
Image MD5: 5F454A16A5146CD91A176D70F0CFA3EC
Start: 0
Type: 1
Error Control: 3

Service (registry key): MSiSCSI
Display name: @%SystemRoot%\system32\iscsidsc.dll,-5000
Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1

Service (registry key): msiserver
Display name: @%SystemRoot%\system32\msimsg.dll,-27
Description: @%SystemRoot%\system32\msimsg.dll,-32
Object name: LocalSystem
Image path: %systemroot%\system32\msiexec /V
Image size: 71680
Image MD5: B038D40785FA669BD8C3E0252909B4C2
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss

Service (registry key): MSKSSRV
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 8192
Image MD5: 892CEDEFA7E0FFE7BE8DA651B651D047
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPCLOCK
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 5888
Image MD5: AE2CB1DA69B2676B4CEE2A501AF5871C
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPQM
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 5504
Image MD5: F910DA84FA90C44A3ADDB7CD874463FD
Start: 3
Type: 1
Error Control: 1

Service (registry key): MsRPC
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSSCNTRS
Start: 0
Type: 0
Error Control: 0

Service (registry key): mssmbios
Display name: Microsoft System Management BIOS Driver
Image path: system32\DRIVERS\mssmbios.sys
Image size: 28776
Image MD5: 4385C80EDE885E25492D408CAD91BD6F
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSTEE
Display name: Microsoft Streaming Tee/Sink-to-Sink Converter
Image path: system32\drivers\MSTEE.sys
Image size: 6016
Image MD5: C826DD1373F38AFD9CA46EC3C436A14E
Start: 3
Type: 1
Error Control: 1

Service (registry key): MTsensor
Display name: ATK0110 ACPI UTILITY
Image path: system32\DRIVERS\ASACPI.sys
Image size: 7680
Image MD5: DCDAAB8697A47894A554050CE18D0B56
Start: 3
Type: 1
Error Control: 1

Service (registry key): Mup
Display name: Mup
Description: Multiple UNC Provider
Image path: System32\Drivers\mup.sys
Image size: 46696
Image MD5: FA7AA70050CF5E2D15DE00941E5665E5
Start: 0
Type: 2
Error Control: 1

Service (registry key): napagent
Display name: @%SystemRoot%\system32\qagentrt.dll,-6
Description: @%SystemRoot%\system32\qagentrt.dll,-7
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): NativeWifiP
Display name: NativeWiFi Filter
Image path: system32\DRIVERS\nwifi.sys
Image size: 154112
Image MD5: 497DE786240303EE67AB01F5690C24C2
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDIS
Display name: NDIS System Driver
Description: NDIS System Driver
Image path: system32\drivers\ndis.sys
Image size: 500840
Image MD5: 227C11E1E7CF6EF8AFB2A238D209760C
Start: 0
Type: 1
Error Control: 3

Service (registry key): NdisTapi
Display name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Image path: system32\DRIVERS\ndistapi.sys
Image size: 20480
Image MD5: 7584F1794B23B83D63CC124A8C56D103
Start: 3
Type: 1
Error Control: 1

Service (registry key): Ndisuio
Display name: NDIS Usermode I/O Protocol
Image path: system32\DRIVERS\ndisuio.sys
Image size: 16896
Image MD5: 5DE5EE546BF40838EBE0E01CB629DF64
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisWan
Display name: Remote Access NDIS WAN Driver
Description: Remote Access NDIS WAN Driver
Image path: system32\DRIVERS\ndiswan.sys
Image size: 118784
Image MD5: 397402ADCBB8946223A1950101F6CD94
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDProxy
Start: 3
Type: 1
Error Control: 1

Service (registry key): Net Driver HPZ12
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k HPZ12
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 16
Error Control: 1

Service (registry key): NetBIOS
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: system32\DRIVERS\netbios.sys
Image size: 35840
Image MD5: 356DBB9F98E8DC1028DD3092FCEEB877
Start: 1
Type: 2
Error Control: 1

Service (registry key): netbt
Display name: NETBT
Description: This service implements NetBios over TCP/IP.
Image path: System32\DRIVERS\netbt.sys
Image size: 184320
Image MD5: E3A168912E7EEFC3BD3B814720D68B41
Start: 1
Type: 1
Error Control: 1
Depends On services: Tdx,tcpip

Service (registry key): Netlogon
Display name: @%SystemRoot%\System32\netlogon.dll,-102
Description: @%SystemRoot%\System32\netlogon.dll,-103
Object name: LocalSystem
Image path: %systemroot%\system32\lsass.exe
Image size: 7680
Image MD5: 6A0E382E74280E4CC0DF17FE2661D003
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): Netman
Display name: @%SystemRoot%\system32\netman.dll,-109
Description: @%SystemRoot%\system32\netman.dll,-110
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,nsi

Service (registry key): netprofm
Display name: @%SystemRoot%\system32\netprof.dll,-246
Description: @%SystemRoot%\system32\netprof.dll,-247
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,nlasvc

Service (registry key): NetTcpPortSharing
Display name: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201
Description: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8200
Object name: NT AUTHORITY\LocalService
Image path: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Image size: 122880
Image MD5: B418382DE04FF58567AA07A2B66B2332
Start: 4
Type: 32
Error Control: 1

Service (registry key): nfrd960
Image path: \SystemRoot\system32\drivers\nfrd960.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): NlaSvc
Display name: @%SystemRoot%\System32\nlasvc.dll,-1
Description: @%SystemRoot%\System32\nlasvc.dll,-2
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: NSI,RpcSs,TcpIp

Service (registry key): Npfs
Start: 1
Type: 2
Error Control: 1

Service (registry key): nsi
Display name: @%SystemRoot%\system32\nsisvc.dll,-200
Description: @%SystemRoot%\system32\nsisvc.dll,-201
Object name: NT Authority\LocalService
Image path: %systemroot%\system32\svchost.exe -k LocalService
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: nsiproxy

Service (registry key): nsiproxy
Display name: NSI proxy service
Description: NSI proxy service
Image path: system32\drivers\nsiproxy.sys
Image size: 16384
Image MD5: B488DFEC274DE1FC9D653870EF2587BE
Start: 1
Type: 1
Error Control: 1

Service (registry key): NTDS
Start: 0
Type: 0
Error Control: 0

Service (registry key): Ntfs
Start: 3
Type: 2
Error Control: 1

Service (registry key): ntrigdigi
Display name: N-trig HID Tablet Driver
Image path: \SystemRoot\system32\drivers\ntrigdigi.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): Null
Start: 1
Type: 1
Error Control: 1

Service (registry key): NVENETFD
Display name: NVIDIA nForce Networking Controller Driver
Image path: system32\DRIVERS\nvmfdx32.sys
Image size: 1032104
Image MD5: C7859D19648D45EE888666C044ECAB23
Start: 3
Type: 1
Error Control: 1

Service (registry key): nvlddmkm
Image path: system32\DRIVERS\nvlddmkm.sys
Image size: 7476640
Image MD5: F3F2B0FD5FCDA396F2F317A90A195E06
Start: 3
Type: 1
Error Control: 0

Service (registry key): nvraid
Image path: \SystemRoot\system32\drivers\nvraid.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): nvstor
Image path: system32\drivers\nvstor.sys
Image size: 35920
Image MD5: 4A5FCAB82D9BF6AF8A023A66802FE9E9
Start: 0
Type: 1
Error Control: 3

Service (registry key): nv_agp
Display name: NVIDIA nForce AGP Bus Filter
Image path: \SystemRoot\system32\drivers\nv_agp.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): NwlnkFlt
Display name: IPX Traffic Filter Driver
Description: IPX Traffic Filter Driver
Image path: system32\DRIVERS\nwlnkflt.sys
Start: 3
Type: 1
Error Control: 1
Depends On services: NwlnkFwd

Service (registry key): NwlnkFwd
Display name: IPX Traffic Forwarder Driver
Description: IPX Traffic Forwarder Driver
Image path: system32\DRIVERS\nwlnkfwd.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): ohci1394
Display name: VIA OHCI Compliant IEEE 1394 Host Controller
Image path: system32\DRIVERS\ohci1394.sys
Image size: 62080
Image MD5: BE32DA025A0BE1878F0EE8D6D9386CD5
Start: 3
Type: 1
Error Control: 1

Service (registry key): P17
Display name: SB Live! 24-bit
Image path: system32\drivers\P17.sys
Image size: 1122304
Image MD5: F646E128BE4C7FAD952E7876C97984D6
Start: 3
Type: 1
Error Control: 1

Service (registry key): p2pimsvc
Display name: @%SystemRoot%\system32\p2psvc.dll,-8004
Description: @%SystemRoot%\system32\p2psvc.dll,-8005
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1

Service (registry key): p2psvc
Display name: @%SystemRoot%\system32\p2psvc.dll,-8006
Description: @%SystemRoot%\system32\p2psvc.dll,-8007
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1
Depends On services: p2pimsvc,PNRPSvc

Service (registry key): Parport
Display name: Parallel port driver
Image path: system32\DRIVERS\parport.sys
Image size: 79360
Image MD5: 0FA9B5055484649D63C303FE404E5F4D
Start: 3
Type: 1
Error Control: 1

Service (registry key): partmgr
Display name: Partition Manager
Description: Disk class filter driver that auctions out partitions to volume managers
Image path: System32\drivers\partmgr.sys
Image size: 49256
Image MD5: 555A5B2C8022983BC7467BC925B222EE
Start: 0
Type: 1
Error Control: 3

Service (registry key): Parvdm
Image path: system32\DRIVERS\parvdm.sys
Image size: 8704
Image MD5: 4F9A6A8A31413180D0FCB279AD5D8112
Start: 2
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"

Service (registry key): PcaSvc
Display name: @%SystemRoot%\system32\pcasvc.dll,-1
Description: @%SystemRoot%\system32\pcasvc.dll,-2
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): pci
Display name: PCI Bus Driver
Image path: system32\drivers\pci.sys
Image size: 140392
Image MD5: 1085D75657807E0E8B32F9E19A1647C3
Start: 0
Type: 1
Error Control: 3

Service (registry key): pciide
Image path: system32\drivers\pciide.sys
Image size: 13416
Image MD5: 3B1901E401473E03EB8C874271E50C26
Start: 0
Type: 1
Error Control: 3

Service (registry key): pcmcia
Image path: \SystemRoot\system32\drivers\pcmcia.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): PEAUTH
Display name: PEAUTH
Image path: system32\drivers\peauth.sys
Image size: 878080
Image MD5: 6349F6ED9C623B44B52EA3C63C831A92
Start: 2
Type: 1
Error Control: 1

Service (registry key): PerfDisk
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfNet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfOS
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfProc
Start: 0
Type: 0
Error Control: 0

Service (registry key): pla
Display name: @%systemroot%\system32\pla.dll,-500
Description: @%systemroot%\system32\pla.dll,-501
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): PlugPlay
Display name: @%SystemRoot%\system32\umpnpmgr.dll,-100
Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1

Service (registry key): Pml Driver HPZ12
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k HPZ12
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 16
Error Control: 1

Service (registry key): PNRPAutoReg
Display name: @%SystemRoot%\system32\p2psvc.dll,-8002
Description: @%SystemRoot%\system32\p2psvc.dll,-8003
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1
Depends On services: pnrpsvc

Service (registry key): PNRPsvc
Display name: @%SystemRoot%\system32\p2psvc.dll,-8000
Description: @%SystemRoot%\system32\p2psvc.dll,-8001
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1
Depends On services: p2pimsvc

Service (registry key): PolicyAgent
Display name: @%SystemRoot%\System32\polstore.dll,-5010
Description: @%SystemRoot%\system32\polstore.dll,-5011
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,bfe

Service (registry key): PortProxy
Start: 0
Type: 0
Error Control: 0

Service (registry key): PptpMiniport
Display name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Image path: system32\DRIVERS\raspptp.sys
Image size: 61440
Image MD5: 6C359AC71D7B550A0D41F9DB4563CE05
Start: 3
Type: 1
Error Control: 1

Service (registry key): Processor
Display name: Processor Driver
Image path: \SystemRoot\system32\drivers\processr.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): ProfSvc
Display name: @%systemroot%\system32\profsvc.dll,-300
Description: @%systemroot%\system32\profsvc.dll,-301
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): ProtectedStorage
Display name: @%systemroot%\system32\psbase.dll,-300
Description: @%systemroot%\system32\psbase.dll,-301
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 7680
Image MD5: 6A0E382E74280E4CC0DF17FE2661D003
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): PSched
Display name: @%SystemRoot%\System32\drivers\pacer.sys,-101
Description: @%SystemRoot%\System32\drivers\pacer.sys,-101
Image path: system32\DRIVERS\pacer.sys
Image size: 70144
Image MD5: B74EDF14453C9987E99E66535047EBEE
Start: 1
Type: 1
Error Control: 1

Service (registry key): ql2300
Display name: QLogic Fibre Channel Miniport Driver
Image path: \SystemRoot\system32\drivers\ql2300.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql40xx
Display name: QLogic iSCSI Miniport Driver
Image path: \SystemRoot\system32\drivers\ql40xx.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): QWAVE
Display name: @%SystemRoot%\system32\qwave.dll,-1
Description: @%SystemRoot%\system32\qwave.dll,-2
Object name: NT AUTHORITY\LocalService
Image path: %windir%\system32\svchost.exe -k LocalService
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1
Depends On services: rpcss,psched,QWAVEdrv,LLTDIO

Service (registry key): QWAVEdrv
Display name: @%SystemRoot%\system32\drivers\qwavedrv.sys,-1
Description: @%SystemRoot%\system32\drivers\qwavedrv.sys,-2
Image path: \SystemRoot\system32\drivers\qwavedrv.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasAcd
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: System32\DRIVERS\rasacd.sys
Image size: 11776
Image MD5: BD7B30F55B3649506DD8B3D38F571D2A
Start: 1
Type: 1
Error Control: 1

Service (registry key): RasAuto
Display name: @%Systemroot%\system32\rasauto.dll,-200
Description: @%Systemroot%\system32\rasauto.dll,-201
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1
Depends On services: RasMan,Tapisrv

Service (registry key): Rasl2tp
Display name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Image path: system32\DRIVERS\rasl2tp.sys
Image size: 75776
Image MD5: 88587DD843E2059848995B407B67F6CF
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasMan
Display name: @%Systemroot%\system32\rasmans.dll,-200
Description: @%Systemroot%\system32\rasmans.dll,-201
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1
Depends On services: Tapisrv

Service (registry key): RasPppoe
Display name: Remote Access PPPOE Driver
Description: Remote Access PPPOE Driver
Image path: system32\DRIVERS\raspppoe.sys
Image size: 41472
Image MD5: CCF4E9C6CBBAC81437F88CB2AE0B6C96
Start: 3
Type: 1
Error Control: 1

Service (registry key): rdbss
Display name: Redirected Buffering Sub Sysytem
Description: Provides the framework for network mini-redirectors
Image path: system32\DRIVERS\rdbss.sys
Image size: 222208
Image MD5: 54129C5D9581BBEC8BD1EBD3BA813F47
Start: 1
Type: 2
Error Control: 1
Depends On services: Mup

Service (registry key): RDPCDD
Display name: RDPCDD
Description: RDPDD Chained DD
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 6144
Image MD5: 794585276B5D7FCA9F3FC15543F9F0B9
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPDD
Start: 0
Type: 0
Error Control: 0

Service (registry key): rdpdr
Display name: Terminal Server Device Redirector Driver
Image path: \SystemRoot\system32\drivers\rdpdr.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): RDPENCDD
Display name: RDP Encoder Mirror Driver
Description: RDP Encoder Mirror Driver
Image path: system32\drivers\rdpencdd.sys
Image size: 6144
Image MD5: 980B56E2E273E19D3A9D72D5C420F008
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPNP
Display name: @%systemroot%\system32\drprov.dll,-100
Description: @%systemroot%\system32\drprov.dll,-101
Start: 0
Type: 0
Error Control: 0

Service (registry key): RDPWD
Display name: RDP Winstation Driver
Start: 3
Type: 1
Error Control: 0

Service (registry key): RemoteAccess
Display name: @%Systemroot%\system32\mprdim.dll,-200
Description: @%Systemroot%\system32\mprdim.dll,-201
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSS,RasMan,bfe
Depends On group: NetBIOSGroup

Service (registry key): RemoteRegistry
Display name: @regsvc.dll,-1
Description: @regsvc.dll,-2
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k regsvc
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): RFCOMM
Display name: Bluetooth Device (RFCOMM Protocol TDI)
Description: Bluetooth Device (RFCOMM Protocol TDI)
Image path: system32\DRIVERS\rfcomm.sys
Image size: 49664
Image MD5: 7EC90C316177BA3F1BCE92005264B447
Start: 3
Type: 1
Error Control: 1

Service (registry key): RpcLocator
Display name: @%systemroot%\system32\Locator.exe,-2
Description: @%systemroot%\system32\Locator.exe,-3
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\locator.exe
Image size: 7680
Image MD5: 5123F83CBC4349D065534EEB6BBDC42B
Start: 3
Type: 16
Error Control: 1

Service (registry key): RpcSs
Display name: @oleres.dll,-5010
Description: @oleres.dll,-5011
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k rpcss
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: DcomLaunch

Service (registry key): rspndr
Display name: Link-Layer Topology Discovery Responder
Image path: system32\DRIVERS\rspndr.sys
Image size: 60416
Image MD5: 97E939D2128FEC5D5A3E6E79B290A2F4
Start: 2
Type: 1
Error Control: 1

Service (registry key): SamSs
Display name: @%SystemRoot%\system32\samsrv.dll,-1
Description: @%SystemRoot%\system32\samsrv.dll,-2
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 7680
Image MD5: 6A0E382E74280E4CC0DF17FE2661D003
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): sbp2port
Display name: SBP-2 Transport/Protocol Bus Driver
Image path: \SystemRoot\system32\drivers\sbp2port.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): SCardSvr
Display name: @%SystemRoot%\System32\SCardSvr.dll,-1
Description: @%SystemRoot%\System32\SCardSvr.dll,-5
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay

Service (registry key): Schedule
Display name: @%SystemRoot%\system32\schedsvc.dll,-100
Description: @%SystemRoot%\system32\schedsvc.dll,-101
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,EventLog

Service (registry key): SCPolicySvc
Display name: @%SystemRoot%\System32\certprop.dll,-13
Description: @%SystemRoot%\System32\certprop.dll,-14
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): SDRSVC
Display name: @%SystemRoot%\system32\sdrsvc.dll,-107
Description: @%SystemRoot%\system32\sdrsvc.dll,-102
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k SDRSVC
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): secdrv
Display name: Security Driver
Start: 2
Type: 1
Error Control: 1

Service (registry key): seclogon
Display name: @%SystemRoot%\system32\seclogon.dll,-7001
Description: @%SystemRoot%\system32\seclogon.dll,-7000
Object name: LocalSystem
Image path: %windir%\system32\svchost.exe -k netsvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1

Service (registry key): SENS
Display name: @%SystemRoot%\system32\Sens.dll,-200
Description: @%SystemRoot%\system32\Sens.dll,-201
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem

Service (registry key): Serenum
Display name: Serenum Filter Driver
Image path: system32\DRIVERS\serenum.sys
Image size: 17920
Image MD5: 68E44E331D46F0FB38F0863A84CD1A31
Start: 3
Type: 1
Error Control: 1

Service (registry key): Serial
Display name: Serial port driver
Image path: system32\DRIVERS\serial.sys
Image size: 83456
Image MD5: C70D69A918B178D3C3B06339B40C2E1B
Start: 3
Type: 1
Error Control: 0

Service (registry key): sermouse
Display name: Serial Mouse Driver
Image path: \SystemRoot\system32\drivers\sermouse.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): ServiceModelEndpoint 3.0.0.0
Start: 0
Type: 0
Error Control: 0

Service (registry key): ServiceModelOperation 3.0.0.0
Start: 0
Type: 0
Error Control: 0

Service (registry key): ServiceModelService 3.0.0.0
Start: 0
Type: 0
Error Control: 0

Service (registry key): SessionEnv
Display name: @%SystemRoot%\System32\SessEnv.dll,-1026
Description: @%SystemRoot%\System32\SessEnv.dll,-1027
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,LanmanWorkstation

Service (registry key): sffdisk
Display name: SFF Storage Class Driver
Image path: \SystemRoot\system32\drivers\sffdisk.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): sffp_mmc
Display name: SFF Storage Protocol Driver for MMC
Image path: \SystemRoot\system32\drivers\sffp_mmc.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): sffp_sd
Display name: SFF Storage Protocol Driver for SDBus
Image path: \SystemRoot\system32\drivers\sffp_sd.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): sfloppy
Display name: High-Capacity Floppy Disk Drive
Image path: \SystemRoot\system32\drivers\sfloppy.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): SharedAccess
Display name: @%SystemRoot%\system32\ipnathlp.dll,-106
Description: @%SystemRoot%\system32\ipnathlp.dll,-107
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 4
Type: 32
Error Control: 1
Depends On services: Netman,WinMgmt,RasMan,BFE

Service (registry key): ShellHWDetection
Display name: @%SystemRoot%\System32\shsvcs.dll,-12288
Description: @%SystemRoot%\System32\shsvcs.dll,-12289
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): sisagp
Display name: SIS AGP Bus Filter
Image path: \SystemRoot\system32\drivers\sisagp.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): SiSRaid2
Image path: \SystemRoot\system32\drivers\sisraid2.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): SiSRaid4
Image path: \SystemRoot\system32\drivers\sisraid4.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): slsvc
Display name: @%SystemRoot%\system32\SLsvc.exe,-101
Description: @%SystemRoot%\system32\SLsvc.exe,-100
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\SLsvc.exe
Image size: 2592256
Image MD5: 7610645679BB5994210D21A347E0C479
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs

Service (registry key): SLUINotify
Display name: @%SystemRoot%\system32\SLUINotify.dll,-103
Description: @%SystemRoot%\system32\SLUINotify.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 22016
Image MD5: 10DA15933D582D2FEDCF705EFE394B09
Start: 3
Type: 32
Error Control: 1
Depends On services: SLSvc,netprofm,EventSystem

Service (registry key): Smb
Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50005
Description: @%SystemRoot%\system32\tcpipcfg.dll,-50006
Image path: system32\DRIVERS\smb.sys
Image size: 66048
Image MD5: AC0D90738ADB51A6FD12FF00874A2162
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): SMSvcHost 3.0.0.0
Start: 0
Type: 0
Error Control: 0

Service (registry key): SNMP
Start: 0
Type: 0
Error Control: 0

Service (registry key): SNMPTRAP
randomomen
Active Member
 
Posts: 8
Joined: May 18th, 2007, 3:29 pm

Post by randomomen » May 27th, 2007, 11:08 pm

That should be all of it. Thanks for helping, btw :)
randomomen
Active Member
 
Posts: 8
Joined: May 18th, 2007, 3:29 pm

Post by silver » May 28th, 2007, 12:13 am

Hi randomomen,

Firstly, the Blackcore detection I can see in your Spybot log is this:
BlackCore: Tracking cookie (Firefox: default) (Cookie, fixed)

This is a tracking cookie and not a trojan. As it is not a trojan you can disregard the warning I gave earlier about password theft.

You should know that cookies are not malware and what you have found does not indicate an infection. Cookies will usually be created on your machine whenever you browse the web and can be very useful, however advertising cookies such as the ones Spybot removes do not help you and can be a privacy risk - this is why your protection software removes them.

There is some straightforward information on cookies from Microsoft here:
http://www.microsoft.com/info/cookies.mspx
This article covers cookies in detail and explains some of the privacy concerns associated with them:
http://www.howstuffworks.com/cookie.htm/printable

Generally speaking they aren't anything to be overly concerned about, especially if you are regularly scanning with your anti-malware products. However if you are concerned about cookies and wish to have more control over the cookies placed on your machine, let me know in your next response and I'll give you some further suggestions.

We will do one more scan:

Please download F-Secure Blacklight (blbeta.exe):
https://europe.f-secure.com/blacklight/try.shtml
  • Click I ACCEPT and download the graphical user interface version to your Desktop
  • Double click the file to run it, choose I accept the agreement then press Scan
  • It will create the fsbl-xxxxxxx.log on your desktop.
  • The log will have a list of all items found.
  • Do not choose to rename any yet! I want to see the log first because legitimate items can also be present.
  • Exit Blacklight and post the contents of the log in your next reply.

Run HijackThis as an administrator
HijackThis needs to be run as administrator to allow it full access to your system
Open the C:\Program Files\Hijackthis folder, right-click HijackThis.exe and choose Properties
Choose the Compatibility tab, place a check-mark in the Run this program as an administrator box and press OK
When you open HijackThis you should receive a UAC prompt asking permission for HijackThis.exe to execute - choose Allow

Once complete, please post the Blacklight log and a new HijackThis log.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Post by randomomen » May 28th, 2007, 8:33 am

05/28/07 08:26:49 [Info]: BlackLight Engine 1.0.61 initialized
05/28/07 08:26:49 [Info]: OS: 6.0 build 6000 ()
05/28/07 08:26:49 [Note]: 7019 4
05/28/07 08:26:49 [Note]: 7005 0
05/28/07 08:26:59 [Note]: 7006 0
05/28/07 08:26:59 [Note]: 7027 1
05/28/07 08:26:59 [Note]: 7027 0
05/28/07 08:26:59 [Note]: 7026 0
05/28/07 08:27:00 [Note]: 7026 0
05/28/07 08:27:01 [Note]: FSRAW library version 1.7.1021
05/28/07 08:28:12 [Note]: 2000 1012


And the hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 8:31:57 AM, on 5/28/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\AASP\1.00.25\aaCenter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\GameSpot\GDM_TrayApp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
randomomen
Active Member
 
Posts: 8
Joined: May 18th, 2007, 3:29 pm

Unread postby silver » May 28th, 2007, 8:56 am

Hi randomomen,

At this stage I think your machine is clean :).

While we have eliminated malware, there are many other possible causes of the blue screen problem, and I think the best and fastest solution for you is to post on a PC troubleshooting forum like PC Pitstop. PC Pitstop specializes in handling problems like this so you are certain to get expert assistance and a speedy resolution is very likely.

You should now delete cureit.exe from your desktop and also the quarantine folder: C:\Users\XYZ1234\DoctorWeb\Quarantine

Here are some tips to help you keep your machine clean:

You have LimeWire, a P2P file sharing program installed on your computer. This program does not come bundled with malware as some similar programs do, but P2P file sharing networks are one of the biggest sources of malware we see. Anything downloaded from them cannot be trusted to be clean, because even if the file appears to be what it claims to be, it can have malware embedded in it.
I recommend you remove it, but of course the choice is yours. You can remove Limewire via Control Panel->Uninstall a program/Programs and Features.

Your Java is outdated and is now a security risk
NOTE: The Java download site may be down right now so please make a note of these instructions and use them as soon as the download is available.
Open Control Panel->Uninstall a program/Programs and Features
Search for all previously installed versions of Java. (J2SE Runtime Environment.... )
(It should have this icon next to it: Image)
Click that entry and then click on the Uninstall button and follow the instructions to remove Java.
Repeat to remove all versions of Java.
Download and install the newest version of Java Runtime Environment (JRE), from here:
http://java.sun.com/javase/downloads/index.jsp

IESPYADS helps protect you from malicious websites by placing a list of known bad websites in Internet Explorer's Restricted Zone. This Zone limits the capabilities of these websites including preventing them from installing software. This will complement your security software and I recommend you install it:
http://www.spywarewarrior.com/uiuc/resource.htm

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
If you install this, be sure to follow the DNS Client service instructions and the Vista specific information before doing so.

Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

Find out more about how to prevent infection in the future:
http://forum.malwareremoval.com/viewtopic.php?p=33687

Please post back to let me know you have read this, and if there are any further issues.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Unread postby randomomen » May 29th, 2007, 3:52 pm

Thank you for all your help. I have upgraded my JRE per your advice. Also, it appears Dr. Web did find two curious entries that were labeled viruses. So those are gone, too, which is great.

I am still getting the blue screen of death roughly once per day. The PC's performance is just fine and runs all my software flawlessly, less the blue screen that occurs, usually upon start-up after being turned off for a few hours.

I will be contacting my PC's manufacturer to see how they can troubleshoot the blue screen.
randomomen
Active Member
 
Posts: 8
Joined: May 18th, 2007, 3:29 pm

Unread postby silver » May 29th, 2007, 8:01 pm

You are very welcome, best of luck!
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Unread postby Elrond » May 30th, 2007, 12:34 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem